Security Incidents mailing list archives
RE: A question for the list...
From: "Mark Ng" <laptopalias1-mark () informationintelligence net>
Date: Tue, 20 May 2003 20:56:15 +0100
Just 2 cents -
Is this proposal a vaccine, or could it unleash such collateral damage as to make the Internet useless? Keep in mind that the "attackers" are more then likely compromised systems, and are thus "innocents." But is
Are owners of long term compromised systems really "innocents"? If people have left systems compromised with worms that are attacking other networks and reports have been ignored for significant amounts of time, then surely the compromised party are guilty of negligence ? Personally, I think there are merits to some kind of "strikeback" system, but it has worse than dubious legality, and would definitely be abused (without a question). I think that ISP's need to make a more active role in this, and actively threaten to cut off customers whos compromised systems are attacking other networks on the internet. Perhaps rather than a strikeback system, something similar to ARIS could be used to send automated alerts to ISP's warning them that x number of their customers have the latest worm. In the event that ISP's are non-compliant, and don't deal with their infected customers, peering points could agree to enforce this upon ISP's. This is much preferable to doing things that may or may not be morally correct, but are a legal minefield. Thoughts ? Regards, Mark Ng (www.informationintelligence.net) ---------------------------------------------------------------------------- *** Wireless LAN Policies for Security & Management - NEW White Paper *** Just like wired networks, wireless LANs require network security policies that are enforced to protect WLANs from known vulnerabilities and threats. Learn to design, implement and enforce WLAN security policies to lockdown enterprise WLANs. To get your FREE white paper visit us at: http://www.securityfocus.com/AirDefense-incidents ----------------------------------------------------------------------------
Current thread:
- A question for the list... Dan Hanson (May 16)
- Re: A question for the list... Ray Stirbei (May 17)
- RE: A question for the list... John McCracken (May 17)
- Re: A question for the list... Ed Shirey (May 17)
- RE: A question for the list... Dan Perez (May 19)
- Re: A question for the list... Ray Stirbei (May 19)
- RE: A question for the list... Benjamin Tomhave (May 21)
- Re: A question for the list... Kevin Reardon (May 20)
- RE: A question for the list... Mark Ng (May 21)
- Re: A question for the list... Kevin Reardon (May 21)
- RE: A question for the list... Rob Shein (May 22)
- Re: A question for the list... Gary Flynn (May 21)
- Re: A question for the list... Jimi Thompson (May 23)
- Re: A question for the list... Jay D. Dyson (May 25)
- Re: A question for the list... Ray Stirbei (May 17)
- Re: A question for the list... Andy Shelley (May 20)
- RE: A question for the list... John McCracken (May 20)
- Re: A question for the list... Anders Reed Mohn (May 20)